In one embodiment, an encryption operation may be performed by obtaining a product of a carry-less multiplication using multiple single instruction multiple data (SIMD) multiplication instructions each to execute on part of first and second operands responsive to an immediate datum associated with the corresponding instruction, and reducing the product modulo g to form a message authentication code of a block cipher mode. Other embodiments are described and claimed.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method comprising: multiplying a most significant portion of a product of a carry-less multiplication performed using a first single instruction multiple data (SIMD) multiplication instruction in a processor with a first value to generate a second value in the processor; multiplying a most significant portion of the second value with a least significant portion of an irreducible polynomial of a finite field used in a block cipher to generate a third value in the processor; determining a remainder based on the third value; and generating a signal based on a value of the remainder, wherein the value of the remainder indicates whether an encrypted message is authentic in accordance with a Galois Counter Mode (GCM), wherein the first value comprises a quotient from a division of 2^256 with the irreducible polynomial of the finite field used in the block cipher in accordance with the GCM.
2. The method of claim 1, further comprising executing a plurality of the first SIMD multiplication instruction in a SIMD unit of the processor to obtain the product of the carry-less multiplication, wherein each of the plurality of the first SIMD multiplication instruction is associated with a different immediate datum.
3. The method of claim 2, wherein each of the plurality of the first SIMD multiplication instruction is to execute on a portion of a first operand and a second operand responsive to the immediate datum associated with the corresponding first SIMD multiplication instruction.
4. The method of claim 3, further comprising storing a temporary product of each of the plurality of the first SIMD multiplication instruction in a corresponding SIMD register of the processor.
5. The method of claim 4, further comprising exclusive-OR-ing (XOR) a first temporary product and a second temporary product according to a second SIMD instruction and shuffling the XOR result according to a third SIMD instruction.
6. The method of claim 5, further comprising accessing the first temporary product and the second temporary product directly from the corresponding SIMD registers and without a scalar domain-to-SIMD domain crossing.
7. The method of claim 1, further comprising left shifting the product of the carry-less multiplication to accommodate a bit reflection property of the GCM.
8. The method of claim 1, further comprising performing the first multiplying and the second multiplying according to a linear folding algorithm.
9. A non-transitory computer-readable storage medium comprising one or more instructions that when executed on a processor enable the processor to: multiply a most significant portion of a product of a carry-less multiplication performed using a first single instruction multiple data (SIMD) multiplication instruction with a first value to generate a second value; multiply a most significant portion of the second value with a least significant portion of an irreducible polynomial of a finite field used in a block cipher to generate a third value; determine a remainder based on the third value; and generate a signal based on a value of the remainder, wherein the value of the remainder indicates whether an encrypted message is authentic in accordance with Galois Counter Mode (GCM).
10. The non-transitory computer-readable storage medium of claim 9, further comprising instructions that enable the processor to execute a plurality of the first SIMD multiplication instruction in a SIMD unit of the processor to obtain the product of the carry-less multiplication, wherein each of the plurality of the first SIMD multiplication instruction is associated with a different immediate datum.
11. The non-transitory computer-readable storage medium of claim 10, wherein each of the first SIMD multiplication instructions is to execute on a portion of a first operand and a second operand responsive to the immediate datum associated with the corresponding first SIMD multiplication instruction.
12. The non-transitory computer-readable storage medium of claim 11, further comprising instructions that enable the processor to store a temporary product of each of the plurality of first SIMD multiplication instructions in a corresponding SIMD register.
13. The non-transitory computer-readable storage medium of claim 12, further comprising instructions that enable the processor to exclusive-OR (XOR) a first temporary product and a second temporary product according to a second SIMD instruction and shuffle the XOR result according to a third SIMD instruction.
14. A system comprising: a processor including an encryption module to obtain a product of a carry-less multiplication using a plurality of first single instruction multiple data (SIMD) multiplication instructions each to execute on a portion of a first operand and a second operand responsive to an immediate datum associated with the corresponding first SIMD multiplication instruction, and to reduce the product modulo g to form a message authentication code of a mode of a block cipher; a memory coupled to the processor to store the plurality of first SIMD multiplication instructions; wherein the encryption module includes a SIMD unit to execute the plurality of SIMD multiplication instructions; wherein the encryption module is to store a temporary product of each of the plurality of first SIMD multiplication instructions in a corresponding SIMD register; and wherein the encryption module is to exclusive-OR (XOR) a first temporary product and a second temporary product according to a second SIMD instruction and shuffle the XOR result according to a third SIMD instruction.
15. The system of claim 14, wherein the encryption module is to access the first temporary product and the second temporary product directly from the corresponding SIMD registers and without a scalar domain-to-SIMD domain crossing.
16. The system of claim 14, wherein the encryption module is to form the message authentication code according to a linear folding algorithm for a reflected version of g.
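Claims 1 and 9 describe Barrett reduction in GF(2)[x]: the high half of the 256-bit carry-less product is multiplied by the precomputed quotient x^256 div g, the high half of that result is the exact quotient, and the quotient times the low part of g gives the remainder. Claims 2 to 6 describe building the 256-bit product from several half-width SIMD multiplies selected by an immediate and combined with XOR and shuffles. The following is an added reference model in pure Python, not the patent's or any vendor's SIMD code; it assumes a PCLMULQDQ-style immediate (bit 0 picks the high half of the first operand, bit 4 the high half of the second), which the claims do not name, and it bit-reflects operands explicitly instead of using the in-place left shift of claim 7. All identifiers (clmul128, barrett_reduce, MU, gcm_mul, cross_check) are the example's own. The known-answer input is test case 2 of McGrew and Viega's GCM specification (AES-128, all-zero key and IV), and NIST SP 800-38D Algorithm 1 is used as the independent check.

```python
# Added reference model of the reduction in claims 1/9 and the multi-multiply
# product of claims 2-6. Pure Python; not the patent's SIMD implementation.
import random

G_POLY = (1 << 128) | 0x87   # g(x) = x^128 + x^7 + x^2 + x + 1 (natural order, bit i = x^i)
G_LOW = 0x87                 # least significant portion of g (claim 1's "third value" uses it)
MASK64 = (1 << 64) - 1
MASK128 = (1 << 128) - 1


def clmul(a: int, b: int) -> int:
    """Carry-less product in GF(2)[x]; operands of any width."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def clmul64x64(a: int, b: int, imm: int) -> int:
    """One SIMD 64x64 carry-less multiply: the immediate selects which 64-bit
    half of each 128-bit operand is used (PCLMULQDQ convention, an assumption:
    bit 0 -> high half of a, bit 4 -> high half of b)."""
    ha = (a >> (64 if imm & 0x01 else 0)) & MASK64
    hb = (b >> (64 if imm & 0x10 else 0)) & MASK64
    return clmul(ha, hb)


def clmul128(a: int, b: int) -> int:
    """256-bit product from four half-products (claims 2-6): temporaries are
    XORed and repositioned (the 'shuffle') before being combined."""
    t00 = clmul64x64(a, b, 0x00)          # a_lo * b_lo
    t01 = clmul64x64(a, b, 0x01)          # a_hi * b_lo
    t10 = clmul64x64(a, b, 0x10)          # a_lo * b_hi
    t11 = clmul64x64(a, b, 0x11)          # a_hi * b_hi
    mid = t01 ^ t10                       # second SIMD instruction: XOR of two temporaries
    return t00 ^ (mid << 64) ^ (t11 << 128)


def gf2_divmod(a: int, b: int):
    """Polynomial long division in GF(2)[x]; (quotient, remainder)."""
    q = 0
    while a.bit_length() >= b.bit_length():
        s = a.bit_length() - b.bit_length()
        q ^= 1 << s
        a ^= b << s
    return q, a


MU = gf2_divmod(1 << 256, G_POLY)[0]      # claim 1's "first value": x^256 div g, 129 bits


def barrett_reduce(p: int) -> int:
    """Reduce a product of degree < 256 modulo g with the precomputed quotient."""
    q1 = p >> 128                         # most significant portion of the product
    q2 = clmul(q1, MU)                    # "second value"
    q = q2 >> 128                         # its most significant portion is exactly p div g
    t = clmul(q, G_LOW)                   # "third value": quotient times low part of g
    return (p ^ t) & MASK128              # remainder; the x^128 term of q*g cancels p's top half


def reflect128(x: int) -> int:
    """GCM keeps the x^0 coefficient in the leftmost bit, so operands are
    bit-reflected into natural order and the remainder reflected back."""
    return int(f"{x:0128b}"[::-1], 2)


def gcm_mul(x: int, y: int) -> int:
    return reflect128(barrett_reduce(clmul128(reflect128(x), reflect128(y))))


def gcm_mul_bitwise(x: int, y: int) -> int:
    """NIST SP 800-38D Algorithm 1 (shift-and-xor), the independent reference."""
    R = 0xE1 << 120
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def ghash(h: bytes, aad: bytes, ct: bytes, mul=gcm_mul) -> bytes:
    """GHASH over AAD, ciphertext and the bit-length block, with a pluggable multiply."""
    def blocks(b: bytes):
        b += b"\0" * (-len(b) % 16)
        return [int.from_bytes(b[i:i + 16], "big") for i in range(0, len(b), 16)]
    hk = int.from_bytes(h, "big")
    y = 0
    for blk in blocks(aad) + blocks(ct) + [((len(aad) * 8) << 64) | (len(ct) * 8)]:
        y = mul(y ^ blk, hk)
    return y.to_bytes(16, "big")


def cross_check(trials: int = 200, seed: int = 1) -> bool:
    """Four-multiply product == single clmul, Barrett == long division,
    and the whole GCM multiply == Algorithm 1, on seeded pseudo-random inputs."""
    rng = random.Random(seed)
    for _ in range(trials):
        x, y = rng.getrandbits(128), rng.getrandbits(128)
        p = clmul128(x, y)
        if p != clmul(x, y) or barrett_reduce(p) != gf2_divmod(p, G_POLY)[1]:
            return False
        if gcm_mul(x, y) != gcm_mul_bitwise(x, y):
            return False
    return True


# Known-answer input: McGrew/Viega GCM spec test case 2 (H = AES-128_0(0), one ciphertext block).
H_TC2 = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
C_TC2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")

if __name__ == "__main__":
    print(ghash(H_TC2, b"", C_TC2).hex())   # f38cbb1ad69223dcc3457ae5b6b0f885
    print(cross_check())                    # True
```

The model makes the security-relevant property of the patent's reduction visible: for polynomials over GF(2) the Barrett quotient is exact, so the remainder is the true GHASH value and there is no correction step that a data-dependent branch could leak through. The cross_check function is the regression a practitioner would keep next to any hand-written reduction, since an off-by-one in the reflection or shift yields a MAC that still "verifies" against itself but disagrees with every other GCM implementation.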
June 13, 2008
December 25, 2012